Sonatype Blog: Latest Posts

Secret Account In Mission-Critical Router Opens Power Plants To Tampering

Ars Technica – (International) Secret account in mission-critical router opens power plants to tampering. DHS’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned power utilities, railroad operators, and other large industrial players of a weakness in a widely used router that leaves them open to tampering by untrusted employees. The line of mission-critical routers manufactured by Fremont, California-based GarrettCom contains an undocumented account with a default password that gives unprivileged users access to advanced options and features, an expert in the security of industrial control systems told Ars Technica. The ―factory account‖ makes it possible for untrusted employees or contractors to significantly escalate their privileges and then tamper with electrical switches or other industrial controls that are connected to the devices. ICS-CERT issued an advisory recommending that users of the GarrettCom devices install a security update that locks down the factory account.